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DETAILED ACTION 

1. Currently pending claims are 1 - 15 and 23 - 26 (i.e. elected Group I). 

Response to Arguments 

2. Applicant's Applicant's arguments with respect to instant claims have been fully 
considered but are moot in view of the new ground(s) of rejection necessitated by 
Applicant's amendment. 

Double Patenting 

The nonstatutory provisional double patenting rejection is based on a judicially 
created doctrine grounded in public policy (a policy reflected in the statute) so as to 
prevent the unjustified or improper timewise extension of the "right to exclude" granted 
by a patent and to prevent possible harassment by multiple assignees. See In re 
Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 
225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 
(CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); and In re 
Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969). 

A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) may be 
used to overcome an actual or provisional rejection based on a nonstatutory double 
patenting ground provided the conflicting application or patent is shown to be commonly 
owned with this application. See 37 CFR 1.130(b). 
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Effective January 1, 1994, a registered attorney or agent of record may sign a 
terminal disclaimer. A terminal disclaimer signed by the assignee must fully comply with 
37 CFR 3.73(b). 

3. Claims 1 - 4, 1 2 - 1 5 and 23 - 26 are rejected under the judicially created 
doctrine of obviousness-type provisional double patenting as being unpatentable over 
claims of copending application 10/661,903. Although the conflicting claims are not 
identical, they are not patentably distinct from each other because claims 1 - 4 and 1 1 
of the instant application are envisioned by the claims of the copending application that 
contain all the limitations of claims of the instant application and as such claims of the 
instant application are not patently distinct from the earlier copending application claim 
and as such are unpatentable for obvious-type provisional double patenting. 

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

A person shall be entitled to a patent unless - 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art 
are such that the subject matter as a whole would have been obvious at the time the invention was made to 
a person having ordinary skill in the art to which said subject matter pertains. Patentability shall not be 
negatived by the manner in which the invention was made. 

4. Claims 3, 15 and 25 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Liu (U.S. Patent 2002/0154635), which incorporates the reference of Caronni et al. 
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(U.S. Patent 6,970,941) as shown in (Liu: Para r00021) . in view of Shimbo et al. (U.S. 
Patent 6,185,680). 

As per claim 1 , Liu / Caronni teaches a method of securing packet data 
transferred between a first and second member of a private network over a backbone, 
the backbone operating according to a routing protocol (Caronni : Column 2 Line 14 - 
35 and Column 4 Line 38 - 52), the method comprising the steps of: 

receiving a packet including a private network address comprising a source 
address, a destination address and a payload (Caronni : Column 1 1 Line 37-61 & Liu: 
Para [0025]); 

apportioning the packet into a first portion and a second portion, wherein the first 
portion includes fields of the packet used for transmission of the packet according the 
protocol of the backbone including the private network address and the second portion 
includes payload (Caronni : Figure 2B & Column 12 Line 1 1 - 19: the first portion is the 
SRC/DST real address according the protocol of the backbone & Liu: Para [0025]). 

Liu / Caronni does not disclose expressly appending a gateway source address 
with te source address of the packet to the second portion. 

Shimbo teaches appending a gateway source address with te source address of 
the packet to the second portion (Shimbo: Column 26 Line 28 - 36 & Caronni : Figure 
2B& Column 12 Line 11 - 19). 

It would have been obvious to a person of ordinary skill in the art at the time the 
invention was made to combine the teaching of Shimbo within the system of Liu 
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because (a) Liu teaches a mechanism to extend private networks onto a public 
infrastructure (Liu: Para [0015] and [0018]) / Caronni teaches modifying a IP packet 
format so that any type of delivery scheme may be assigned to any address or group of 
addresses (Caronni: Column 3 Line 19-25) and (b) Shimbo teaches providing an 
efficient, flexible and secured method to protect the data communication in any type of 
networks such as hierarchical organized or mobile computing environment by using a 
security gateway (Shimbo: Column 3 Line 39 - 50). 

transforming the second portion of the packet according to a group security 
association associated with the private network to provide a transformed portion 
(Caronni : Column 7 Line 5 - 33, Column 3 Line 17 - 21 and Column 1 1 Line 37 - 43: 
VARPDB stores the mappings of the internal / private address, known as node ID, 
which is considered as a part of the group security association and the Supernet 
contains a modification to the IP packet format that can be used to separate network 
behavior from addressing); 

appending the first portion of the packet to the transformed portion to provide a 
transformed packet (Caronni : Figure 2B & Column 12 Line 11 - 19: the first portion is 
the SRC/DST real addresses according the protocol of the backbone is appended to the 
second portion of SRC/DST virtual addresses); and 

transmitting the transformed packet to the backbone using the private network 
address (Caronni : Column 3 Line 17 - 23). 
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As per claim 12, Liu / Caronni teaches a method for securing a communication 
link between at least two members of a private network, the communication link for 
transporting a packet having first header and a payload , the first header identifying a 
source address and a destination address packet (Caronni : Column 2 Line 14 - 35 and 
Column 4 Line 38 - 52), the method including the steps of: 

distributing a security association to each of the at least two members of the 
private network (Caronni : Column 10 Line 24 - 29: distributing a part of the security 
association to each member when a new node joined); 

transforming each packet transferred between the at least two members of the 
private network (Caronni : Column 7 Line 5 - 33, Column 3 Line 17 - 21 and Column 11 
Line 37-43), the step of transforming including the steps of: 

generating a second header, the second header including a source address 
associated with the source address in the first header, and a destination address 
identifying the private network (Caronni : Column 7 Line 5 - 21: the second header is 
the SRC/DST virtual addresses). However, Liu / Caronni does not disclose expressly 
including a gateway source address. 

Shimbo teaches including a gateway source address (Shimbo: Column 26 Line 
28-36 & Caronni : Figure 2B & Column 12 Line 11-19). 

It would have been obvious to a person of ordinary skill in the art at the time the 
invention was made to combine the teaching of Shimbo within the system of Liu 
because (a) Liu teaches a mechanism to extend private networks onto a public 
infrastructure (Liu: Para [0015] and [0018]) / Caronni teaches modifying a IP packet 
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format so that any type of delivery scheme may be assigned to any address or group of 
addresses (Caronni: Column 3 Line 19-25) and (b) Shimbo teaches providing an 
efficient, flexible and secured method to protect the data communication in any type of 
networks such as hierarchical organized or mobile computing environment by using a 
security gateway (Shimbo: Column 3 Line 39 - 50). 

replacing the first header of the packet with the generated second header to 
provide a modified packet (Caronni : Column 7 Line 5 - 33, Column 3 Line 17-21 and 
Column 11 Line 37-43); 

applying the security association to the modified packet to provide secure 
packet (Caronni : Column 7 Line 5 - 33, Column 3 Line 17-21 and Column 1 1 Line 37 
- 43: VARPDB stores the mappings of the internal / private address, known as node ID, 
which is considered as a part of the group security association); and 

appending the first header to the secure packet to provide a transformed 
packet; and forwarding the transformed packet over the communication link using the 
private network address (Caronni : Figure 2B & Column 12 Line 1 1 - 19: the first portion 
is the SRC/DST real addresses according the protocol of the backbone is appended to 
the second portion of SRC/DST virtual addresses). 

As per claim 23, Liu / Caronni teaches an apparatus at a node for transforming 
packets for forwarding between a plurality of members of a group communicating on a 
scalable<private network over a backbone, each of the plurality of group members 
communicating with the backbone via respective gateways; wherein the backbone 
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operates according to a protocol (Caronni : Column 2 Line 14-35 and Column 4 Line 
38 - 52), the apparatus comprising: 

a key table, the key table including a security association for each group that the 
node is a member (Caronni : Column 7 Line 5 - 33 : VARPDB stores the mappings of 
the internal / private address, known as node ID, which is considered as a part of key 
table); 

transform logic operable to apply a security association to only a portion of each 
packet transmitted over the private network associated with each group to ensure that a 
remaining portion of the packet enabling communication over the backbone according 
to the protocol is preserved (Caronni : Figure 2B & Column 12 Line 11-19, Column 7 
Line 5 - 33, Column 3 Line 17-21 and Column 1 1 Line 37 - 43: only Supernet virtual 
address contains a modification to the IP packet format that can be used to separate 
network behavior for forwarding communication between members of the group using 
an private network address associated with the group and the portion of SRC/DST real 
address according the protocol of the backbone is preserved); and 

forwarding logic for forwarding communication between members of the group 
using an private network address associated with the group (Caronni : Column 3 Line 
17-23). 

However, Liu / Caronni does not disclose expressly modifying packets received 
from a source member of the group for transfer on a private network over the backbone 
by inserting, into the received packet, a group identifier associated with the private 
network and a gateway address associated with a source member. 
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Shimbo teaches modifying packets received from a source member of the group 
for transfer on a private network over the backbone by inserting, into the received 
packet, a group identifier associated with the private network and a gateway address 
associated with a source member (Shimbo: Column 26 Line 28 - 36 & Caronni : Figure 
2B& Column 12 Line 11 -19). 

It would have been obvious to a person of ordinary skill in the art at the time the 
invention was made to combine the teaching of Shimbo within the system of Liu 
because (a) Liu teaches a mechanism to extend private networks onto a public 
infrastructure (Liu: Para [0015] and [0018]) / Caronni teaches modifying a IP packet 
format so that any type of delivery scheme may be assigned to any address or group of 
addresses (Caronni: Column 3 Line 19-25) and (b) Shimbo teaches providing an 
efficient, flexible and secured method to protect the data communication in any type of 
networks such as hierarchical organized or mobile computing environment by using a 
security gateway (Shimbo: Column 3 Line 39 - 50). 

As per claim 2, 13 and 24, Liu / Caronni as modified teaches the backbone 
comprises a plurality of provider devices (Liu: Page 2 Line 1 - 2), and and wherein the 
step of transforming is performed by one of the plurality of provider devices in the 
backbone (Liu: Para [0050] Line 3-7, Para [0065] Line 4-7, Para [0066] Line 1-4/8 
- 10 and Caronni : Column 8 Line 31 - 47: alternatively, the router node, by running 
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SNIogin, can perform address translation and security encapsulation transparently the 
same way as the computer terminal device node does). 

As per claim 4, 14 and 26, Liu / Caronni as modified teaches the step of 
transforming is performed at the first member of the private network (Caronni : Column 
2 Line 27 - 32: terminal computer device Di). 

As per claim 5, Liu / Caronni as modified teaches transforming the second 
portion of the packet comprises the steps of: 

generating a group header associated with the private network (Caronni : 
Column 7 Line 10-14: Supernet ID = group ID); 

appending the group header to the second portion of the packet prior to the step 
of transforming the second portion of the packet to provide a modified packet (Caronni : 
Column 1 1 Line 37 - 61); and 

transforming the modified packet according to the group security association 
associated with the private network to provide the transformed packet (Caronni : 
Column 11 Line 37-43, Column 7 Line 5-33, and Column 3 Line 17-21: VARPDB 
stores the mappings of the internal / private address, known as node ID, which is 
considered as a part of the group security association). 

As per claim 6, Liu / Caronni as modified teaches the first portion of the packet 
comprises a first header, the first header having a type, source and destination, and 
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wherein the group header comprise a group type, the gateway source address, group 
address and wherein the step of generating a group header includes the step of copying 
the type of the first header to the group type (Shimbo: Column 26 Line 28 - 36 & 
Caronni : Figure 2B & Column 12 Line 11-19, Column 3 Line 21 - 23 and Column 5 
Line 20 - 23: a selected group address and group type can be used for any type of 
delivery scheme). 

As per claim 8, Liu / Caronni as modified teaches the group security association 
is an Internet Protocol Security transform (Caronni : Column 9 Line 28: IPSec). 

As per claim 9, Liu / Caronni as modified teaches the group security association 
- is an Encapsulated Security Protocol.(Caronni : Column 9 Line 28: ESP protocol). 

As per claim 1 1 , Liu / Caronni as modified teaches receiving, at each member of 
the private network, a key corresponding to the private network group security 
association (Caronni : Column 10 Line 26 - 29: KMS = Key Management Server). 

5. Claims 3, 15 and 25 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Liu (U.S. Patent 2002/0154635), in view of Shimbo et al. (U.S. Patent 6,185,680), 
and in view of Alkhatib et al. (U.S. Patent 2003/0233454). 
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As per claim 3, 15 and 25, Liu does as modified not disclose expressly an edge 
device is disposed between the first member of the private network and the backbone, 
and wherein the step of transforming is performed at the edge device. 

Alkhatib teaches an edge device is disposed between the first member of the 
private network and the backbone, and wherein the step of transforming is performed at 
the edge device (Alkhatib : Par [0049] Line 14-17 and Para [0017] Line 1 - 8: a 
gateway, that changes and encapsulates the destination address, can be considered as 
an edge device, which also appears in the specification of the instant application 
(SPEC: Page 3 Line 14: Customer Edge device may also be referred to as a 
gateway device). 

It would have been obvious to a person of ordinary skill in the art at the time the 
invention was made to combine the teaching of Alkhatib within the system of Liu 
because (a) Liu teaches a mechanism to extend private networks onto a public 
infrastructure (Liu: Para [0015] and [0018]) and (b) Alkhatib teaches providing a method 
to create a binding between public address and private address when communicating 
over a private network (Alkhatib : Para [0019]). 

6. Claim 7 is rejected under 35 U.S.C. 103(a) as being unpatentable over Liu (U.S. 
Patent 2002/0154635). Liu (U.S. Patent 2002/0154635), which incorporates the 
reference of Caronni et al. (U.S. Patent 6,970,941) as shown in (Liu: Para [00021) in 
view of Shimbo et al. (U.S. Patent 6,185,680). 
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As per claim 7, Liu as modified discloses the first header further includes a 
length, the group header further includes a group length, and wherein the method 
includes the steps of copying the length to the group length (Caronni : Column 7 Line 15 
- 16 : Examiner notes any of the standard protocol format obviously conforms to 
standard T / L / V fields (Type, Length, and Value) as a complete layout of a protocol 
specification). 

7. Claim 10 is rejected under 35 U.S.C. 103(a) as being unpatentable over Liu (U.S. 
Patent 2002/0154635), in view of Shimbo et-al. (U.S. Patent 6,185,680), and in view of 
Boden et al. (U.S. Patent 6,330,562). 

As per claim 10, Liu as modified does not disclose expressly the group security 
association is an Internet Key Encryption. 

Boden teaches the group security association is an Internet Key Encryption 
(Column 2 Line 4-5: IKE scheme). 

It would have been obvious to a person of ordinary skill in the art at the time the 
invention was made to combine the teaching of Boden within the system of Liu 
because (a) Liu teaches a mechanism to extend private networks onto a public 
infrastructure over a VPN (Virtual Private Network) (Liu: Para [0015] and [0018]) and (b) 
Boden teaches providing a data model for abstracting customer-defined VPN security 
policy information to dynamically negotiate, create, delete, and maintain secure 
connections at the IP level with other VPN nodes (Boden : Abstract). 
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Conclusion 

Applicant's amendment necessitated the new ground(s) of rejection presented in 
this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP 
§ 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 
CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1 .136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Longbit Chai whose telephone number is 571-272-3788. 
The examiner can normally be reached on Monday-Friday 9:00am-5:00pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz R. Sheikh can be reached on 571-272-3795. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 
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Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 




Longbit Chai 
Examiner 
Art Unit 2131 
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SUPERVISORY PATENT EXAMINER 
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